NEW FILES last 14 days

Paypal plugin now allows you to sell access to some of the content of your site or to establish management paying members of a club or association.

This new version 1.2 introduces a new type of product, subscritions. This feature allows you to create membership for one or several days, weeks, months or years. Users who subscribe online are automatically added to a group you specify. Group members can then access content reserved for them during the entire period of their membership. Once it is completed, the member is automatically removed from the group.

Many other new features are available with this release. Please refer to the wiki page for more details.

Starting with Geeklog 1.8.0, Geeklog will require PHP 5.2.0 or later to run. The last version of Geeklog to run on older PHP versions will be 1.7.2, to be released in early 2011.

To put things into perspective: Support for PHP 4 by the PHP development team offically ended on December 31, 2007. A last official release, PHP 4.4.9, was made on August 8, 2008. Since then, no security or other bugfixes have been released for PHP 4.

Some Linux distributions with long-term support, most notably Red Hat Enterprise Linux 4 (RHEL 4) and CentOS 4, shipped with PHP 4 at the time they were released and have therefore committed to continue PHP 4 support until the end of their support period. Therefore, unfortunately, there are still "supported" PHP 4 installations out there.

As a compromise and service to those of our users being "stuck" on such a setup, the Geeklog Team will continue to provide security fixes for the Geeklog 1.7 branch in a timely manner until February 29, 2012 (which coincides with the "End of Production 3 phase" for RHEL 4). Where by "timely", we mean "as soon as possible, but not necessarily on the same day as the then-current release". The further versions drift apart, the more work will it be for us to backport fixes.

Overall, however, we would really suggest that you switch to a host running PHP 5.2 or later, if at all possible and as soon as possible.

Geeklog 1.7.1sr1 addresses an XSS in the Configuration admin panel, reported by Aung Khant of the YGN Ethical Hacker Group. Due to the built-in CSRF protection this weakness is somewhat harder to exploit but we would nonetheless advise that you secure your site by installing this update ASAP.